RE: [FW1] Bizarre FTP behaviour for some files
Thanks for the advice - did sound promising. However, disabling Path MTU-D made no difference, nor did enabling ICMP, nor did reducing MTU.

Our setup uses Static NAT of DMZ servers to the outside; no NAT to the inside. Internal machines going out use a hiding address.

The problem is specific to machines on the internal network i.e. machines accessing our FTP server (on the DMZ) from outside can GET all files without a problem. Internal machines experience download failures for _specific_ file downloads from both the DMZ and Internet. Some files download without a problem. The failure point is consistent e.g. 140K for HP's Jetdirect Admin. tool.

Any ideas would be appreciated...

TIA
Adrian Wilson

-----Original Message-----
From: Ing. Eduardo Frias T. [mailto:[email protected]]
Sent: 06 September 2000 17:11
To: Adrian Wilson
Cc: '[email protected]'
Subject: Re: [FW1] Bizarre FTP behaviour for some files

Check PATH-MTU Discovery with icmp filtering. Probably that is the cause. If you are dropping icmp packets in your router then surely that is the cause.

Solution: Lower the MTU value.

Let me know if that helps you.

On Wed, 6 Sep 2000, Adrian Wilson wrote:

> Dear All,
>
> We are experiencing a very strange problem with FTP downloads. We are able
> to establish FTP connections with remote servers and initiate data
> downloads. However, certain files stall (sometimes continue intermittently)
> and the behaviour is repeatable. We tested this using our own FTP server on
> our DMZ as follows:
>
> Establish control connection
> GET a 10Mb ZIP file - 15 seconds
> GET the same ZIP file - 15 seconds
> GET a 10Mb DOC file - 5 seconds of rapid download, then small bursts of data
> transfer, then restarts, then stalls and connection is eventually lost
>
> This is absolutely consistent. The rule has been modified such that it is
> now INTERNAL ANY FTP ALLOW LOG (previously FTP was being scanned by ESPG).
> The log shows the connection being established and there are no drops.
>
> I am guessing that there is something in the data stream that is causing
> FW-1 problems but this is causing a great deal of difficulty. Users are
> complaining lots and I really need to find a solution. Any help would be
> much appreciated.
>
> Platform is Sun box running Solaris; FW-1 4.0 SP6.
>
> Regards,
> Adrian Wilson.
> Infrastructure Engineer
> VEGA Group
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Eduardo Frias
[email protected]